package org.http4s.server.middleware;

import cats.Applicative;
import cats.Applicative$;
import cats.arrow.FunctionK;
import cats.effect.kernel.Async;
import cats.effect.kernel.GenConcurrent;
import cats.effect.kernel.Sync;
import cats.syntax.package$all$;
import java.security.SecureRandom;
import java.time.Clock;
import javax.crypto.SecretKey;
import org.http4s.Header;
import org.http4s.Header$Select$;
import org.http4s.Headers$;
import org.http4s.MediaType;
import org.http4s.MediaType$;
import org.http4s.Request;
import org.http4s.RequestCookie;
import org.http4s.Response$;
import org.http4s.Status$;
import org.http4s.Uri;
import org.http4s.Uri$;
import org.http4s.UrlForm;
import org.http4s.UrlForm$;
import org.http4s.headers.Content;
import org.http4s.headers.Content$minusType$;
import org.http4s.headers.Cookie$;
import org.http4s.headers.Host;
import org.http4s.headers.Host$;
import org.http4s.headers.Referer;
import org.http4s.headers.Referer$;
import org.http4s.headers.X;
import org.http4s.headers.X$minusForwarded$minusFor$;
import org.http4s.server.middleware.CSRF;
import org.typelevel.ci.package$;
import scala.Function1;
import scala.Function2;
import scala.MatchError;
import scala.None$;
import scala.Option;
import scala.Predef$;
import scala.Some;
import scala.StringContext;
import scala.collection.immutable.Map;
import scala.collection.immutable.Nil$;
import scala.runtime.BoxesRunTime;
import scala.util.Left;
import scala.util.Right;

/* compiled from: CSRF.scala */
/* loaded from: input_file:org/http4s/server/middleware/CSRF$.class */
public final class CSRF$ implements CSRFSingletonPlatform {
    public static CSRF$ MODULE$;
    private final int SHA1ByteLen;
    private final int CSRFTokenLength;
    private final int InitialSeedArraySize;
    private final String SigningAlgo;
    private final SecureRandom org$http4s$server$middleware$CSRFSingletonPlatform$$CachedRandom;

    static {
        new CSRF$();
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public boolean isEqual(String str, String str2) {
        boolean isEqual;
        isEqual = isEqual(str, str2);
        return isEqual;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public String genTokenString() {
        String genTokenString;
        genTokenString = genTokenString();
        return genTokenString;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public <F> F generateSigningKey(Async<F> async) {
        Object generateSigningKey;
        generateSigningKey = generateSigningKey(async);
        return (F) generateSigningKey;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public <F> F buildSigningKey(byte[] bArr, Async<F> async) {
        Object buildSigningKey;
        buildSigningKey = buildSigningKey(bArr, async);
        return (F) buildSigningKey;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public String SigningAlgo() {
        return this.SigningAlgo;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public SecureRandom org$http4s$server$middleware$CSRFSingletonPlatform$$CachedRandom() {
        return this.org$http4s$server$middleware$CSRFSingletonPlatform$$CachedRandom;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public void org$http4s$server$middleware$CSRFSingletonPlatform$_setter_$SigningAlgo_$eq(String str) {
        this.SigningAlgo = str;
    }

    @Override // org.http4s.server.middleware.CSRFSingletonPlatform
    public final void org$http4s$server$middleware$CSRFSingletonPlatform$_setter_$org$http4s$server$middleware$CSRFSingletonPlatform$$CachedRandom_$eq(SecureRandom secureRandom) {
        this.org$http4s$server$middleware$CSRFSingletonPlatform$$CachedRandom = secureRandom;
    }

    public <F, G> CSRF.CSRFBuilder<F, G> apply(SecretKey secretKey, Function1<Request<G>, Object> function1, Async<F> async, Applicative<G> applicative) {
        return new CSRF.CSRFBuilder<>(package$.MODULE$.CIStringSyntax(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"X-Csrf-Token"}))).ci(Nil$.MODULE$), new CSRF.CookieSettings("csrf-token", false, true, CSRF$CookieSettings$.MODULE$.apply$default$4(), new Some("/"), CSRF$CookieSettings$.MODULE$.apply$default$6(), CSRF$CookieSettings$.MODULE$.apply$default$7()), Clock.systemUTC(), Response$.MODULE$.apply(Status$.MODULE$.Forbidden(), Response$.MODULE$.apply$default$2(), Response$.MODULE$.apply$default$3(), Response$.MODULE$.apply$default$4(), Response$.MODULE$.apply$default$5()), true, secretKey, function1, checkCSRFDefault(async), async, applicative);
    }

    public <F, G> CSRF.CSRFBuilder<F, G> withDefaultOriginCheck(SecretKey secretKey, String str, Uri.Scheme scheme, Option<Object> option, Async<F> async, Applicative<G> applicative) {
        return apply(secretKey, request -> {
            return BoxesRunTime.boxToBoolean($anonfun$withDefaultOriginCheck$1(str, scheme, option, request));
        }, async, applicative);
    }

    public <F, G> CSRF.CSRFBuilder<F, G> withDefaultOriginCheckFormAware(String str, FunctionK<G, F> functionK, SecretKey secretKey, String str2, Uri.Scheme scheme, Option<Object> option, Async<F> async, GenConcurrent<G, Throwable> genConcurrent) {
        return withDefaultOriginCheck(secretKey, str2, scheme, option, (Async) cats.effect.package$.MODULE$.Sync().apply(async), Applicative$.MODULE$.apply(genConcurrent)).withCSRFCheck(checkCSRFinHeaderAndForm(str, functionK, genConcurrent, async));
    }

    public <F, G> F withGeneratedKey(Function1<Request<G>, Object> function1, Async<F> async, Applicative<G> applicative) {
        return (F) package$all$.MODULE$.toFunctorOps(generateSigningKey(async), async).map(secretKey -> {
            return MODULE$.apply(secretKey, function1, async, applicative);
        });
    }

    public <F, G> F withKeyBytes(byte[] bArr, Function1<Request<G>, Object> function1, Async<F> async, Applicative<G> applicative) {
        return (F) package$all$.MODULE$.toFunctorOps(buildSigningKey(bArr, async), async).map(secretKey -> {
            return MODULE$.apply(secretKey, function1, async, applicative);
        });
    }

    public <F, G> Function1<CSRF<F, G>, Function2<Request<G>, F, F>> checkCSRFDefault(Async<F> async) {
        return csrf -> {
            return (request, obj) -> {
                return csrf.getHeaderToken(request).fold(() -> {
                    return csrf.onfailureF();
                }, str -> {
                    return csrf.checkCSRFToken(request, obj, str, async);
                });
            };
        };
    }

    public <F, G> Function1<CSRF<F, G>, Function2<Request<G>, F, F>> checkCSRFinHeaderAndForm(String str, FunctionK<G, F> functionK, GenConcurrent<G, Throwable> genConcurrent, Async<F> async) {
        return csrf -> {
            return (request, obj) -> {
                return package$all$.MODULE$.toFlatMapOps(async.pure(csrf.getHeaderToken(request)), async).flatMap(option -> {
                    return package$all$.MODULE$.toFlatMapOps(option.isDefined() ? async.pure(option) : getFormToken$1(request, genConcurrent, str, functionK, async), async).flatMap(option -> {
                        return option.fold(() -> {
                            return csrf.onfailureF();
                        }, str2 -> {
                            return csrf.checkCSRFToken(request, obj, str2, async);
                        });
                    });
                });
            };
        };
    }

    public Object lift(String str) {
        return str;
    }

    public String unlift(Object obj) {
        return (String) obj;
    }

    public <F> boolean defaultOriginCheck(Request<F> request, String str, Uri.Scheme scheme, Option<Object> option) {
        return Headers$.MODULE$.get$extension1(request.headers(), package$.MODULE$.CIStringSyntax(new StringContext(Predef$.MODULE$.wrapRefArray(new String[]{"Origin"}))).ci(Nil$.MODULE$)).flatMap(nonEmptyList -> {
            Some some;
            Right fromString = Uri$.MODULE$.fromString(((Header.Raw) nonEmptyList.head()).value());
            if (fromString instanceof Right) {
                some = new Some((Uri) fromString.value());
            } else {
                if (!(fromString instanceof Left)) {
                    throw new MatchError(fromString);
                }
                some = None$.MODULE$;
            }
            return some;
        }).exists(uri -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$2(str, scheme, option, uri));
        }) || Headers$.MODULE$.get$extension0(request.headers(), Header$Select$.MODULE$.singleHeaders(Referer$.MODULE$.headerInstance())).exists(referer -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$4(str, scheme, option, referer));
        });
    }

    public <F> boolean proxyOriginCheck(Request<F> request, Host host, X.minusForwarded.minusFor minusfor) {
        return Headers$.MODULE$.get$extension0(request.headers(), Header$Select$.MODULE$.singleHeaders(Host$.MODULE$.headerInstance())).contains(host) || Headers$.MODULE$.get$extension0(request.headers(), Header$Select$.MODULE$.singleHeaders(X$minusForwarded$minusFor$.MODULE$.headerInstance())).contains(minusfor);
    }

    public int SHA1ByteLen() {
        return this.SHA1ByteLen;
    }

    public int CSRFTokenLength() {
        return this.CSRFTokenLength;
    }

    public int InitialSeedArraySize() {
        return this.InitialSeedArraySize;
    }

    public <F, G> F cookieFromHeadersF(Request<G> request, String str, Sync<F> sync) {
        Object raiseError;
        Some cookieFromHeaders = cookieFromHeaders(request, str);
        if (cookieFromHeaders instanceof Some) {
            raiseError = sync.pure((RequestCookie) cookieFromHeaders.value());
        } else {
            if (!None$.MODULE$.equals(cookieFromHeaders)) {
                throw new MatchError(cookieFromHeaders);
            }
            raiseError = sync.raiseError(CSRF$CSRFCheckFailed$.MODULE$);
        }
        return (F) raiseError;
    }

    public <F> Option<RequestCookie> cookieFromHeaders(Request<F> request, String str) {
        return Headers$.MODULE$.get$extension0(request.headers(), Header$Select$.MODULE$.recurringHeadersWithMerge(Cookie$.MODULE$.headerSemigroupInstance(), Cookie$.MODULE$.headerInstance())).flatMap(cookie -> {
            return cookie.values().find(requestCookie -> {
                return BoxesRunTime.boxToBoolean($anonfun$cookieFromHeaders$2(str, requestCookie));
            });
        });
    }

    public boolean tokensEqual(Object obj, Object obj2) {
        return isEqual(unlift(obj), unlift(obj2));
    }

    public static final /* synthetic */ boolean $anonfun$withDefaultOriginCheck$1(String str, Uri.Scheme scheme, Option option, Request request) {
        return MODULE$.defaultOriginCheck(request, str, scheme, option);
    }

    public static final /* synthetic */ Option $anonfun$checkCSRFinHeaderAndForm$5(String str, Map map) {
        return map.get(str).flatMap(chain -> {
            return chain.uncons().map(tuple2 -> {
                return (String) tuple2._1();
            });
        });
    }

    private static final Object extractToken$1(Request request, GenConcurrent genConcurrent, String str) {
        return package$all$.MODULE$.toFunctorOps(request.attemptAs(UrlForm$.MODULE$.entityDecoder(genConcurrent, UrlForm$.MODULE$.entityDecoder$default$2())).value(), genConcurrent).map(either -> {
            return (Option) either.fold(decodeFailure -> {
                return package$all$.MODULE$.none();
            }, obj -> {
                return $anonfun$checkCSRFinHeaderAndForm$5(str, ((UrlForm) obj).values());
            });
        });
    }

    private static final Object getFormToken$1(Request request, GenConcurrent genConcurrent, String str, FunctionK functionK, Async async) {
        Object pure;
        Content.minusType minustype;
        Some some = Headers$.MODULE$.get$extension0(request.headers(), Header$Select$.MODULE$.singleHeaders(Content$minusType$.MODULE$.headerInstance()));
        if ((some instanceof Some) && (minustype = (Content.minusType) some.value()) != null) {
            MediaType mediaType = minustype.mediaType();
            MediaType x$minuswww$minusform$minusurlencoded = MediaType$.MODULE$.application().x$minuswww$minusform$minusurlencoded();
            if (x$minuswww$minusform$minusurlencoded != null ? x$minuswww$minusform$minusurlencoded.equals(mediaType) : mediaType == null) {
                pure = functionK.apply(extractToken$1(request, genConcurrent, str));
                return pure;
            }
        }
        pure = async.pure(package$all$.MODULE$.none());
        return pure;
    }

    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$3(String str, Uri.Host host) {
        String value = host.value();
        return value != null ? value.equals(str) : str == null;
    }

    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$2(String str, Uri.Scheme scheme, Option option, Uri uri) {
        if (uri.host().exists(host -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$3(str, host));
        }) && uri.scheme().contains(scheme)) {
            Option port = uri.port();
            if (port != null ? port.equals(option) : option == null) {
                return true;
            }
        }
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$5(String str, Uri.Host host) {
        String value = host.value();
        return value != null ? value.equals(str) : str == null;
    }

    public static final /* synthetic */ boolean $anonfun$defaultOriginCheck$4(String str, Uri.Scheme scheme, Option option, Referer referer) {
        if (referer.uri().host().exists(host -> {
            return BoxesRunTime.boxToBoolean($anonfun$defaultOriginCheck$5(str, host));
        }) && referer.uri().scheme().contains(scheme)) {
            Option port = referer.uri().port();
            if (port != null ? port.equals(option) : option == null) {
                return true;
            }
        }
        return false;
    }

    public static final /* synthetic */ boolean $anonfun$cookieFromHeaders$2(String str, RequestCookie requestCookie) {
        String name = requestCookie.name();
        return name != null ? name.equals(str) : str == null;
    }

    private CSRF$() {
        MODULE$ = this;
        CSRFSingletonPlatform.$init$(this);
        this.SHA1ByteLen = 20;
        this.CSRFTokenLength = 32;
        this.InitialSeedArraySize = 20;
    }
}
